I was trying to deploy some client AV packages today, there was an x86 version (x32 Bit) and a x64 bit version of the client software. As I was deploying the software via Group Policy I needed to write a different policy for each package. Then I needed to make sure the x32 bit client only deployed to x32 bit machines, and the 64 bit client only deployed to x64 bit machines.
To do that you need a simple WMI filter.
Create an x86 (32 Bit) WMI Filter
Open the Group Policy Management Console (gpmc.msc) on a domain controller > Drill down to your domain > WMI Filter > New > Give it a sensible name (you will be picking it from a list) > Add > Paste in the following;
[box]SELECT AddressWidth FROM Win32_Processor WHERE AddressWidth =’32′[/box]
Click OK > Accept the warning > OK.
Create a 64 Bit WMI Filter
Open the Group Policy Management Console (gpmc.msc) on a domain controller > Drill down to your domain > WMI Filter > New > Give it a sensible name (you will be picking it from a list) > Add > Paste in the following;
[box]SELECT AddressWidth FROM Win32_Processor WHERE AddressWidth =’64′[/box]
Click OK > Accept the warning > OK.
Applying a WMI Filter to a GPO
With the group policy selected > Scope Tab > WMI Filtering > Select the appropriate filter.
Related Articles, References, Credits, or External Links
I only use Autoroute once a month, (when I put my mileage in at work!). So this month I had a head slap when it was one of the bits of software I had forgotten to install on my freshly rebuilt laptop. So I fired up the setup for Autoroute 2007 and it failed.
So I moaned and was furnished with a shiny new copy of Autoroute 2011. But when I tried to install it, this happened.
Microsoft Autoroute 2011 Setup One of the prerequisite components failed to install. Setup will now exit.
Solution
It installed fine on my colleagues laptop so the problem had to be something to do with me. I did manage to get the product installed by running the data.msi file and installing the product that way, this got me further but then I got this error,
Microsoft Autoroute A licensing initialisation error has occurred. Please contact customer support for more assistance. Error 0x80070005
I got round that by installing in compatability mode, and running the install from command line admin mode. (Press Windows Key+X).
When I finally got the program installed, it would launch then crash. I installed it in a virtual machine and it worked faultlessly? I unistalled the product and compared my installed programs with the ones on my working virtual machine, I found that the C++ Distributable and the Microsoft Access database engine 2010 had different sizes? These were the prerequisites that Autoroute wanted to install at the very beginning.
So I unistalled everything ad tried to install the prerequisites manually, and then I located an issue,
You cannot install the 32 bit version of Microsoft Access Database Engine 2010 because you currently have 64-bit Office products installed.
So (begrudgingly) I removed x64 office and installed x86 Office.
Then the Access Database Engine Installed but the C++ wouldn’t! Because a newer version was installed.
A newer version of Microsoft Visual C++ 2010 Redistributable has been detected on the machine.
Microsoft could you please make this software MORE incompatible with MORE bits of your OWN software please, I’ve spent a large chunk of my morning trying to fix this now!
Fix the problem and get it installed.
1. Make sure you are running an x32 bit version of Office. (see above)
2. Press Windows Key+R > appwiz.cpl {enter}, Uninstall ALL the following if present,
Microsoft Office Access Database Engine. Microsoft Autoroute 2011. ALL Instanced off C++ Redistributable (all the x86 ones and All the x64 ones).
3. Reinstall Autoroute 2011.
4. Install the x64 bit C++ Redistributable from here.
5. It should now work fine.
Related Articles, References, Credits, or External Links
Note: This page was originally written before the release of the Cisco x64 bit Windows 7 Client
KB ID 0000163
Problem
I was widely accepted for some time that Cisco’s support for the IPSEC VPN client will not be extended to x64 bit Windows platforms, That’s simply because they are gearing up towards their own AnyConnect VPN client.
Update 18/02/10 – Cisco have released an x64 Bit VPN Client for Windows 7 (vpnclient-winx64-msi-5.0.07.0240-k9-BETA).
The cost to swap over to SSL/AnyConnect VPN, in terms of licensing and consultancy is VERY high.
NCP have had a x64 bit compatible client on the market for a while to get round that, but its not free (though considerably less than a bunch of SSL VPN licence’s!) However, as is the way with these things, as soon as people are forced to pay for stuff, someone will produce a free piece of software to do the same.
Step forward Shrew Soft, I test a lot of stuff, and its rare that a piece of free ware is as feature rich as the commercial product – but this is 🙂
Solution
1. Firstly I’m assuming you already have the VPN setup, working, and tested, on your Cisco PIX/ASA device, if not CLICK HERE for instructions, or if your scared of command line try THIS or THIS.
2. You need to know the same three primary pieces of information that you need to configure the Cisco VPN Client, those are,
a. The public IP address of the device you are connecting to. b. The “Tunnel Group Name” of the remote access VPN c. The “Shared Secret” of the remote access tunnel group
To get the last two pieces of information issue a “more system:running-config” command on your firewall.
[box]
Petes-ASA# more system:running-config
{keep pressing the space bar to scroll though the config}
While moving to Windows 8, I had a problem installing the Cisco ASDM software.
Cisco ASDM-IDM Launcher Information Java Runtime Environment is not installed on this machine. Please install Java Runtime Environment from http://java.sun.com/javase/downloads/
Solution
I was sure I HAD installed Java, I headed here to make sure.
It turns out that the ASDM needs the 32 bit version of Java AS WELL. Download and install that, and he ASDM will install without error.
Update 25/01/13
Had this problem again this morning, I tried to install Java 32 and it complained that I already had it installed! I had to remove the 64 bit version, Install the 32 bit version and reboot before I attempted to install the ASDM. (I also connected to a 7.1(1) version of the ASDM to download the installer (I’m not sure that is relevant).
Related Articles, References, Credits, or External Links
Just as I was hunting around for an NFR version of Cisco ISE 1.3, they released 1.4. I wasn’t sure if I could upgrade my NFR version without breaking it so I thought I would ‘have a go’.
Solution
If you read the documentation for the upgrade of 1.2 to 1.4, I suggest you skip straight to the tasks to do AFTER upgrade, as it has a habit of resetting things back to default, best to make sure you know how everything is setup that might break before you start.
This upgrade took me a long time! The best part of an afternoon!
1. Before we do anything let’s take a snapshot, just in case it all goes to hell in a hand cart.
2. Gotcha! The upgrade fails if you have any expired certificates, even disabling them wont help, you need to delete all expired root certs before you start.
3. Copy the upgrade file from an FTP server to the ISE device, it wont show you any progress bar, go and get a coffee, if it does not error it’s probably copying over OK :).
4. When you get the prompt back you can check it’s there with a ‘dir’ command.
5. Before you can upgrade you need to create a repository for the upgrade;
[box]
ISE-01/admin# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ISE-01(config)# repository upgrade
ISE-01(config-Repository)# url disk:
% Warning: Repositories configured from CLI cannot be used from the ISE web UI and are not replicated to other ISE nodes.
If this repository is not created in the ISE web UI, it will be deleted when ISE services restart.
ISE-01(config-Repository)# exit
ISE-01(config)# exit
[/box]
6. Then you need to ‘prepare’ for the upgrade.
[box]
ISE-01/admin# application upgrade prepare ise-upgradebundle-1.2.x-to-1.4.0.253.x86_64.tar.gz upgrade
Getting bundle to local machine...
md5: 35a159416afd0900c9da7b3dc6c72043
sha256: e3358ca424d977af67f8bb2bb3574b3e559ce9578d2f36c44cd8ba9e6dddfefd
% Please confirm above crypto hash matches what is posted on Cisco download site.
% Continue? Y/N [Y] ? Y
[/box]
7. Start the upgrade, this takes ages, go and have at least three coffees.